More MyDoom Gloom

StarWreck points out this article in The Atlanta Journal Constitution citing "experts who believe the worm was put out for criminal profit motives by spammers and not by Linux Advocates." Further on that, deadmonk writes "MessageLabs is reporting that the recent Mydoom virus seems to have originated in Russia. A place where nobody gives a wet slap about a court case in the U.S. Personally, I'm looking for a serious apology (or at least a retraction) for the 'alleged' link between this ugly little nasty and Open Source / Linux users." Of course, there could be evil spammers who also like Linux (or don't like SCO), but until someone's caught, or fesses up, it's impossible to say. Read on for some more MyDoom updates, including a new variant (with a new payload), ramifications for Australians, and a forensic analysis of the worm.

fudgefactor7 writes "Hot on the heels of the last virus, Mydoom.b is on the loose. According to Computerworld, this variant has a larger payload and targets Microsoft's Web site for a distributed denial-of-service attack on Feb. 1, instead of The SCO Group Inc. Patch those systems and keep your A-V up to date. Definitions are available currently."

decaying writes "With the amount of virus-laden emails flying about due to the latest virus, Australian ISP Optus have started selectively blocking port 25 outbound. Optus say they are acting in accordance with their "Terms of use", quoting that they reserve the right to restrict access to any TCP/IP port. The only option is to use Optus' SMTP server and nothing else. Community site Whirlpool has an on-going discussion about the issue."

carnun writes "Just another link on MyDoom. Apparently the FBI are also getting in on the act. Interesting to see such a fast response." And to me, the most interesting one: Zeriel writes "After much discussion on a mailing list discussing trojan horses, some people have reached the conclusion that MyDoom doesn't accomplish its stated goal of DDOSing SCO at all! Choice quote from the analysis: "I have the new critter in a test environment where we conducted a preliminary and rudimentary functionality and threat analysis...I have played with the date, etc, but still no activity directed toward www.sco.com." The link also includes disassembly and analysis of the worm code."

I knew it...

[Anonymous Coward]

.. believe the worm was put out for criminal profit motives ..

So it was SCO!

OK, Deadmonk!!

[Anonymous Coward]

Personally, I'm looking for a serious apology (or at least a retraction) for the 'alleged' link between this ugly little nasty and Open Source / Linux users.

We'll get right on that!

Sincerely,
The Mass Media.

Am I the only one?

[CGP314]

place where nobody gives a wet slap

Anyone care to clarify what a wet slap is?

--
In London? Need a Physics Tutor? [colingregorypalmer.net]

American Weblog in London [colingregorypalmer.net]

Re:McBride interview

[haystor]

Bah!

The virus is closed source and runs on Windows. It clearly has nothing to with the GNU/Linux.

Hehe, insert joke about BSD catching a virus...

Re:McBride interview

[Vagrant]

SCO is the dark side of the open source movement.
Darth McBride: "You underestimate the power of the dark side. If you will not fight, then you will meet your destiny."

Bravo!

[Dman33]

Not to mention all of the scared users calling the helpdesk insisting that they are infected.

"Dude, you are using PINE! You are NOT infected!!!"

The new payload is to DDoS MS

[dupper]

All right, it's clearly one of us. 'Fess up, J. Random Slashdotter.

Also, you forgot to make an RIAA variant, dumbass!

We have you now...

[RobinH]

Of course, there could be evil spammers who also like Linux (or don't like SCO), but until someone's caught, or fesses up, it's impossible to say.

That sounds like terrorist speak to me. Thanks to recent legislation, anyone running Linux can now be 'detained' indefinitely without evidence. God bless Micro^H^H^H^H^H^H America.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Not to condone writing worms....

[pyros]

don't you realise that slashdot is a DDoS worm?

Re:Off Track

[Jonathan the Nerd]

How dumb do you have to be to actually think this malware was created by Linux zealots?

How dumb do you have to be to infuriate the entire Open Source community by claiming you own Linux and trying to license it for $699 per CPU?

Re:Am I the only one?

[Anonymous Coward]

Wah therecowboy... let's start slow here. What is this term "girl" you refer to?

Re:Off Trek

[NanoGator]

"It's entirely possible that the authors of this virus targeted SCO, simply to make it appear that Linux zealots were responsible..."

I wouldn't rule out Romulan involvement.

Clueless Newscaster.

[cant_get_a_good_nick]

A couple days ago, a local televisions station (Fox 32 Chicago) had a 20 second blurb on the worm. It said there was a new computer virus around. The picture? Apple iMac. At least it was the newer iMac, I'm surprised they didn't put a IIci on there.

The blurb had no information on what to do. Didn't say it was an MS virus, didn't say to go to any website to see what you could do. Just announced "another virus". Waste of time.

but there's an open source version of the virus...

[commodoresloat]

Greetings. You have been infected with GNU/MyDoom, a destructive anti-SCO virus brought to you by members of the open source community. In order to get this virus to infect your system properly, you will need to use wget to download mydoom-config-2.4.6 from one of the usual mirrors. Be careful; this version of the virus is not compatible with versions of mydoom-config prior to 2.4.4. After you have downloaded the config tools and issued the usual incantations (./configure; make; make install), you can configure the virus from any directory simply by typing sudo mydoom-config -ort [your login id] [your current IP address] [full path to your email client] [interval since last kernel rebuild in seconds]. This virus is licensed under the GPL. If you have any questions, be sure to RTFM, the docs are installed at /usr/share/info/mydoom and all your config files are stored at ~/.mydoom.

p.s. yes, it's an old joke, but still, you know you laughed....

Re:McBride interview

[Popageorgio]

Darth: "I am your father."
Linus: "Hell no, you're just a desperate old fart who's jealous of my DNA and wants to take some credit for it."
Darth: "Shit."

Re:Off Track

[The Analog Kid]

Because I'm sure framing someone else is such an ingenious origninal idea. Now if someone made a virus that changed your background to a picture of the goatse.cx man, well that would truely be ingenious.

McBride is cunning

[Anonymous Coward]

Oh and I just realized. The reason why SCO could seem to be so stupid:

Disgruntled SCO Employee: This company is going down the tubes. If I stay here much longer I'll never find work again! I quit! *slam*

Darl McBride: Damn! We just lost our last programmer! What are we going to do now?

Grand Vizier: *rubbing hands together* Well, now I suggest we go to the very salt of the earth...To the spammers!

McBride: Wha? What the hell are you talking about?

Mr. Burns: Obviously our only course of action is to utilize the dark side of the force. We must make those young linux whippersnappers look bad by making a virus that seems to target our own servers!

McBride: Brilliant! We'll make it look like those linux communists are trying to destroy our legitimate business! Make it so!

Mr. Burns: Eeeexcellent.....

Thus goes the story I heard from a passing lunatic...

Re:Off Track

[pegr]

I certainly hope the author wasn't a Linux zealot trying to harm SCO.

Especially when they're doing such a fine job all by themselves! ;)

This one?

[ebbomega]

To: Luser (whoever@blah.com)
From: Hax0r (jeffk@somethingawful.com)
Subject: *nix virus

This is the only known Virus that works on all *nix systems. Please forward this to everybody on your list and delete all the files on your harddrive. Thank you.

(Or something to that effect)

Re:Clueless Newscaster.

[mabu]

Wow, and you say this came from a FOX affilliate?

Imagine that.

I'm betting that Martians are behind this

[Snork Asaurus]

Earth has really been pissing Mars off lately:

1) Earth landed a multi-ship advance scouting party on Mars this month

2) An earth leader with a track record for aggression speculated in a speech about the resources that might be plundered from Mars

3) Earth announced that it was preparing a full scale manned invasion of Mars by 2050

4) SCO sent a letter demanding payment to Martian citizen Marvin, just in case he uses Linux in his Space Modulator

Re:but there's an open source version of the virus

[IdleTime]

You must be using one of those old and technologically outdated Linux distros as RedHat, SuSE or Debian.
All I do is emerge sync && emerge mydoom and I'm good to go. Ebuild is currently in Portage, just sync your systems :) Oh yeah, forgot to mention, Gentoo baby. LOL

Totally OT

[back_pages]

when I was an undergrad, a fun way for my friends and myself to amuse ourselves was to get really drunk (this makes it more amusing) and then cruise the schools intranet for dopes who had shared their entire hard drives on the network. We would do all sorts of bad things, but the best was defacing a person's Internet Explorer wallpaper.

In Win98, I believe the wallpaper filename was stored in win.ini (it doesn't appear to be so in Win2k and this seriously isn't interesting enough for me to look it up at the moment.) We would grab that file and take a peek. If they had an image suitable to be defaced, we would draw mustaches on everyone and draw little cartoon baloons saying stuff like, "UR COMPUTAR HAS EBOLA!!11" and then overwrite their copy of the file. If they had a stupid background, we'd find something funny to give them.

Between the sorely juvenile humor and the liquor, it was completely hilarious to us at the time. I was even called by the school's Computer Support Desk at one time to see if I knew anything about the rare computer virus the student computers had. And before anybody points out how childish and potentially criminal this was, let me say that it was childish and potentially criminal. We just screwed with people's wallpapers but we could have remotely deleted their entire hard drives. Educating the masses about computer security is a difficult task, but goddamn if drawing mustaches on people isn't funny.

Re:Am I the only one?

[Dutch_Cap]

No, Douglas Adams did invent the expression "wet slap", it's reality that's got it all wrong.

Re:Off Track

[bfg9000]

I'm still laughing at SCO's offer to pay a $250,000 reward to whoever can catch the MyDoom author. It's a bit like OJ offering $250,000 for the arrest of his wife's killer....

Re:Ingenious my arse

[zoney_ie]

Shhhhhh...

Re:McBride interview

[Flwyd]

You may modify and redistribute this virus however often you like, so long as you include the source code. If you do not share the source code, you may not redistribute this virus.

Sounds like a pretty sweet deal to me. No wonder Linux systems aren't hit very often; viruses violate the GPL.

Re:SCO connection is a red herring

[jamesh]

The obvious solution then is to demand that sco remove the sco.com domain. It's the only decent thing to do.

Re:the virus dies if www.sco.com dies

[Sj0]

Since this virus is an act of cyber-terrorism, could it be said that he's supporting the terrorists? Can we finally bomb utah?

Re:Stawin-A Trojan

[Dwedit]

Wow, typoing URLS on informative posts, then replying with the correction is an excellent way to effortlessly build your karma score. I've got to try that sometime.

Re:take the high road

[Bruce Perens]

What? You haven't been to groklaw to read the evidence? Perhaps you should do your homework.

From Russia with Love

[surfsalot]

I'm sure we could find some poor russian in siberia who would gladly accept say... 5k USD to sell one of their family members into the luxury of a US jail system. Plus we'd get to milk SCO for 250k... I like this plan. We'd probably also have to pay off an official "investigator" to forge some data, but it seems worth while... probably still come out 200k up for our side...

Re:Off Track

[LittleBigLui]

...free software community offer a bounty

I offer 15 lines of code. From System V. :)

Re:Off Track

[tehcyder]

Didn't anyone ever hear "Any publicity is good publicity." ?

Brilliant! In other news:

"Linux responsible for SARS virus"

"Linus Torvalds is Antichrist, confirms Pope"

"Open Source developers are sheltering Osama bin Lade, says Pentagon".